FineDroid: Enforcing Permissions with System-Wide Application Execution Context
作者: Yuan Zhang , Min Yang , Guofei Gu , Hao Chen
DOI: 10.1007/978-3-319-28865-9_1
关键词:
摘要: To protect sensitive resources from unauthorized use, modern mobile systems, such as Android and iOS, design a permission-based access control model. However, current model could not enforce fine-grained over the dynamic permission use contexts, causing two severe security problems. First, any code package in an application granted permissions, inducing attackers to embed malicious payloads into benign apps. Second, permissions may be utilized by attacker through vulnerable interactions. Although ad hoc solutions have been proposed, none systematically solve these issues within unified framework.
springer.com
ucdavis.edu 
sci-hub.st 参考文章(32)
Kapil Singh, Practical Context-Aware Permission Control for Hybrid Mobile Applications recent advances in intrusion detection. pp. 307- 327 ,(2013) , 10.1007/978-3-642-41284-4_16
Shashi Shekhar, Michael Dietz, Dan S. Wallach, AdSplit: separating smartphone advertising from applications usenix security symposium. pp. 28- 28 ,(2012)
Sven Bugiel, Ahmad-Reza Sadeghi, Stephan Heuser, Flexible and fine-grained mandatory access control on Android for diverse security and privacy policies usenix security symposium. pp. 131- 146 ,(2013)
Ross Anderson, Hassen Saïdi, Rubin Xu, Aurasium: practical policy enforcement for Android applications usenix security symposium. pp. 27- 27 ,(2012)
Mauro Conti, Vu Thien Nga Nguyen, Bruno Crispo, CRePE: context-related policy enforcement for android international conference on information security. ,vol. 6531, pp. 331- 345 ,(2010) , 10.1007/978-3-642-18178-8_29
Shashi Shekhar, Michael Dietz, Anhei Shu, Dan S. Wallach, Yuliy Pisetsky, Quire: lightweight provenance for smart phone operating systems usenix security symposium. pp. 23- 23 ,(2011)
Alexander Moshchuk, Adrienne Porter Felt, Helen J. Wang, Erika Chin, Steven Hanna, Permission re-delegation: attacks and defenses usenix security symposium. pp. 22- 22 ,(2011)
William Enck, Patrick McDaniel, Jaeyeon Jung, Byung-Gon Chun, Peter Gilbert, Anmol N. Sheth, Landon P. Cox, TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones operating systems design and implementation. pp. 393- 407 ,(2010) , 10.5555/1924943.1924971
Yifei Wang, Srinivas Hariharan, Chenxi Zhao, Jiaming Liu, Wenliang Du, Compac: enforce component-level access control in android conference on data and application security and privacy. pp. 25- 36 ,(2014) , 10.1145/2557547.2557560
Michael Backes, Sven Bugiel, Sebastian Gerling, Scippa: system-centric IPC provenance on Android annual computer security applications conference. pp. 36- 45 ,(2014) , 10.1145/2664243.2664264